The strategic internal audit

By Julie Gibbs|Sunday, February 16, 2014

On Second Thought

with Julie Gibbs

Internal audits should be on your list of quarterly and annual activities. Why audit so regularly? First of all, Customs and Border Protection (CBP), the Bureau of Industry and Security (BIS) and the Directorate of Defense Trade Controls (DDTC) expect you to audit as a part of a complete compliance program. But, more importantly, internal audits allow you to gauge how your compliance-related operations are living up to meeting goals, metrics and strategic contributions to the company. Ultimately, auditing allows you to evaluate and control risk for your company.
It seems no one has the time or resources for auditing, but if you isolate the greatest risk areas to your company and have a strategic plan it should make the process easier. If your company is large enough, there might even be a corporate internal audit team. Partner with them if you can to gain resources and auditing tools. You can then schedule your audit with each division, so that it won’t conflict with other functional audits.
There are three components of any complete audit: transactions, policies and procedures, and actual operations. If you find errors in your transactions (e.g. shipments and declarations), there is probably a gap between the procedures and operations. Let’s start with transactions.
The first step to auditing transactions is to request all of the data you’ll need to conduct the audit. In addition to obtaining import declarations from the Automated Commercial Environment and export declarations from the Automated Export System, you’ll want to obtain an internal shipment report and, in the case of exports, a report from your forwarders with bill of lading information. That way you’ll have the bill of lading number as a reference that connects most, if not all, of the shipments.
Before selecting the universe of data you will be auditing, use past audit reports and corrective action plans to identify areas of highest risk. You’ll also want to identify any new areas of risk, such as changes to the business (e.g. new overseas sourcing or sales regions, new government or military customers, new product lines, etc.), and to the regulations (e.g. export reform, changes to the tariff, etc.). By doing this, you can hone in on the type of transactions you’ll want to audit.
At BPE Global, we frequently perform audits and see all types of errors on shipping documents and declarations. In addition to the typical classification, valuation, country of origin, and related party errors, we see other types of issues that go beyond the paperwork. Examples include personal imports or exports (typically from the mailroom), returns and repairs without the proper 9801/9802 documentation, routed transactions that have Incoterms suggesting otherwise, NAFTA certificates that have been printed on old outdated NAFTA forms. These are all red flags that suggest issues beyond just data errors. Make sure you capture these types of issues in your final audit report with corrective actions.
Policies and procedures are sometimes the most often neglected part of any compliance program. They were written a long time ago and then never updated. As a consequence, operational personnel think they are following the correct procedures, when they are really missing some valuable compliance-related details. Failure to follow procedures will show up in the transaction audit, but there are other areas of the business that aren’t necessarily linked to a shipment that are important to audit. For instance, is human resources requesting deemed export license determinations when completing I-129 forms and are divisions keeping their technology control plans current? Is the sales team completing end-use/end-user checklists and correctly identifying foreign government end users? Are all divisions, especially those overseas, submitting boycott request reports?
Interviewing personnel responsible for trade compliance activities throughout your company will help you to obtain the answers to the questions above. This is where you can reconcile the gaps between what is supposed to be happening and what isn’t. Recent personnel hires in departments such as logistics/shipping, sales, and order management are good targets to interview, as well to gauge how well they have been trained on trade compliance-related procedures.
When your audit report has been completed, you’ll want to share the results with all of the respective departments involved first before sharing with management. It’s only fair they have a chance to review any results that might seem unfavorable and allow them to provide any additional information. When presenting to management, stay away from line-item by line-item detail. Roll up the results into graphs and statistics they can understand and provide them with the corrective actions that need to occur to resolve any significant issues. Always prioritize the corrective actions and concentrate on the actions that require additional resources and further management support.
The most important part of the review with management is to make the discussion strategic. Hopefully you have your three-to-five year strategic plan handy so you can tie successful audit areas to any metrics (e.g. reduce cost, improve supply chain cycle time, improve customer satisfaction, etc.). Conversely, show where issues will cause a roadblock in your strategic plan if resources and/or management support are not obtained. Over the next six months, you’ll want to track corrective actions to ensure they are implemented. Good luck and we hope this has helped you create your own strategy for internal auditing.Gibbs is a director at BPE Global, a trade consulting and training firm focused on enabling companies to succeed globally. She can be reached by email.